New U.S. plan for responsible business conduct takes baby steps toward digital rights

This post is co-authored by Alyse Rankin and Peter Micek

Last month the U.S. government published its first National Action Plan (NAP) on responsible business conduct (RBC). The U.S. had agreed to do so in 2014, and the resulting document addresses a broad range of issues, including human rights, labor rights, land and property rights, anti-corruption and transparency, and information and communications technologies (ICTs).

We welcome this effort to address human rights in the ICT sector, given that most NAPs don’t touch on digital issues at all. It’s critically important, since U.S. companies reap huge profits by collecting data on people throughout the world, yet they remain largely unaccountable and out of reach, both to users and global data protection regulators. However, this NAP doesn’t go far enough in identifying specific human rights issues, and it falls short of the recommendations we made in our submission in the consultation process for the plan. Specifically, we’re disappointed that the U.S. doesn’t make any specific commitments to digital security, surveillance technology, or diversity and openness in the ICT sector.

Below, we take a look at the context for the NAP; what we advise for improving it; related issues for the ICT sector; what other countries are doing; responses from civil society; and the road ahead under the Trump administration.

Background for the plan

In 2014, the U.N. Human Rights Council requested that all U.N. member states develop an NAP outlining how the state will implement and promote the U.N. Guiding Principles on Business & Human Rights (UNGPs). The UNGPs do not single out any specific sector, and are quite broad and agnostic, so it’s up to those creating the NAPs to contextualize and realize the principles. There are 40 countries in the process of creating and publishing NAPs.

In an ideal world, such a process would include broad consultation with stakeholders, to take stock of how businesses cause or contribute to human rights violations; identify any gaps in law, government policy, or regulations; set an ambitious but feasible course of action to fill those gaps; and ultimately prevent, mitigate, and remedy future human rights abuses by corporations. Oh — and that plan would extend beyond one presidential administration.

The reality: Access Now did participate in a robust consultation processes. Then we waited a couple years, and got a short statement that largely cataloged what the government is already doing to assert human and labor rights in a variety of fields. The U.S. NAP outlines existing federal laws and policies that promote responsible business conduct and makes relatively few new commitments. Interestingly, it addresses the U.S. obligations under both the UNGPs and the OECD Guidelines for Multinational Enterprises. But it’s also limited in scope to U.S. companies acting abroad. Therefore, victims of human rights abuses that are linked to U.S. companies are intentionally ignored in this plan.

Our submission for addressing ICT issues in the NAP

The U.S. government consulted broadly with NGOs, academic institutions, foreign governments and business representatives in drafting the NAP. As part of this process, Access Now provided a submission in early 2015.

In our submission, we called on the government to develop a comprehensive guide with concrete commitments for the ICT sector on human rights. This included the following recommendations:

  • Transparency: encourage ICT companies to report on privacy and free expression indicators and provide more meaningful reports on these issues.
  • Digital security: encourage ICT companies to minimize the amount of data collected and retained, and to encrypt internet and telecom traffic to the extent legally possible, in order to reduce the susceptibility of information to surveillance and misuse.
  • Diversity and openness: express government support for protecting the neutrality of the internet, as well as promoting  digital inclusion by incentivizing the rollout of broadband internet to all users (particularly in rural and minority communities).
  • Remedy: improve access to remedy for people whose privacy and free expression, and rights to free assembly and association, are infringed online, through reforming the Mutual Legal Assistance Treaty (MLAT) system, amending federal laws and policies to strengthen access to remedies, and encouraging ICT companies to develop non-judicial remedy mechanisms.

While the NAP acknowledges the role the ICT sector can play in promoting and protecting human rights, the only specific commitments the NAP makes to the ICT sector are:

  • Collaboration: to work with other agencies and stakeholders to “develop a regular mechanism to identify, document, and publicize lessons learned and best practices related to corporate actions that promote and protect human rights online”; and
  • Engagement: to foster “continued engagement among relevant stakeholders” and “ongoing dialogue” on respecting human rights in the ICT sector.

The U.S. NAP does not specify the scope of these commitments, or how and when its lessons and best practices will be delivered. Given the NAP is limited to U.S. business conduct abroad, we can assume that the mechanism will not engage non-U.S. businesses. We hope that these initiatives will at a minimum be:

  • Comprehensive: engage all U.S. businesses (whether operating domestically or abroad);
  • Open: allow for individuals and civil society to participate in dialogue and contribute to its findings; and
  • Consider impact: address human rights impacts arising from the interaction of the ICT sector and other commercial sectors such as transportation, healthcare, and education.

Let’s look closer at what it does and doesn’t say.

Reporting and disclosures

While the U.S. NAP does express broad support for voluntary RBC reporting by companies, there is no expression of support for developing benchmarks for reporting, nor does it make any specific commitment to addressing transparency reporting on privacy or freedom of expression in the ICT sector. Standards have been developed — we support those developed by Ranking Digital Rights and Berkman Klein/OTI — and a government boost could have helped push them over the line. Additionally, the government can do much more to open up about its own surveillance of tech companies and their users, a topic left unaddressed.


The U.S. NAP fails to make any specific commitments to improving access to remedy for people who have their rights to privacy, free expression, assembly, and association infringed by ICT companies. The NAP’s commitment to developing a best practices mechanism for ICT companies is limited to promoting and engaging with companies, and does not appear to include an accountability or remedial mechanism for individuals to complain about ICT conduct that infringes their human rights.

The NAP does make broad commitments to improving access to remedy for victims of corporate human rights abuse. This would take place by undertaking a peer review process to improve the State Department’s National Contact Point (NCP), which investigates complaints of violations of the OECD’s Guidelines for Multinational Enterprises, and by working to improve access to the NCP for stakeholders who are outside of the U.S., or do not speak English.

The government also commits to consulting with stakeholders to improve access to remedy for victims of corporate rights abuse, but it appears this consultation will not consider amendments to particular legislation and judicial remedies, but rather, focus on improving corporate-level grievance mechanisms. We hope that the government will consult broadly with corporations and civil society in this process, and consider amending U.S. legislation and judicial remedies to assist victims of U.S. corporate misconduct abroad so they have adequate remedy in the U.S. This is a particular issue in the new Privacy Shield agreement between the U.S. and European Union.


The NAP fails to commit to a framework or a mechanism to monitor implementation of the NAP going forward, nor does it provide any guidance on whether the NAP will be revised and improved in the future, even though other countries have done so in their NAPs. Access Now calls upon the U.S. government to report publicly on how it implements the NAP and specify a time frame for revising the plan.

A related issue in the NAP relevant to ICT companies: what your phone is made of

In addition to the specific commitments made to the ICT sector, the U.S. makes other commitments that are relevant to ICT operations. For example, the government commits to developing best practice standards to support implementation of Section 1502 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. These require companies to undertake due diligence and report on whether they purchase, directly or indirectly, minerals from the Democratic Republic of Congo (DRC), including tantalum, tin, gold, or tungsten. These minerals are used in products like mobile phones. This commitment is timely, given that U.S. Republicans recently proposed a full repeal of this provision.

What about other NAPs?

The U.S. NAP follows the publication of NAPs over the past few years by Colombia, Denmark, Finland, Italy, Germany, Lithuania, the Netherlands, Norway, Spain, Sweden, Switzerland, and the United Kingdom.

Several of the NAPs make specific commitments with regard to the ICT sector. For example:

  • United Kingdom: the government has committed to developing guidance to help companies assess and manage risks around surveillance technology exports.
  • The Netherlands: the government undertook a Sector Risk Analysis in 2014 which identified the electronics sector as among those with the greatest risk of adverse human rights impacts. The government has committed to negotiating voluntary corporate social responsibility (CSR) agreements that focus on transparency, dialogue with stakeholders, and monitoring of agreements with those sectors.
  • Sweden: the Swedish government acknowledges that “[i]nternet freedom and privacy are among the great global issues of the future” and describes it as “fundamental” that human rights are respected both online and offline. The Swedish NAP makes no new commitments to strengthening human rights in the ICT sector, but outlines a variety of initiatives that the Swedish government has participated in “to strengthen the dialogue with business on internet freedom,” which includes amending the OECD Guidelines for Multinational Enterprises and advancing two resolutions on internet Freedom at the U.N. Human Rights Council. The Swedish government also hosts the annual Stockholm Internet Forum on Internet Freedom.

Reactions to the U.S. NAP from civil society

We’re not alone in responding to the U.S. NAP. The International Corporate Accountability Roundtable, of which Access Now is a member, extensively promotes and consults on NAPs worldwide. ICAR describes the U.S. NAP as a good “starting point from which to address responsible business conduct,” but notes that it “fails to adequately address many of the concerns raised by civil society and labor organizations” and falls short of ensuring “U.S. corporations are not committing or linked to human rights abuses both at home and abroad.” ICAR argues that for the NAP to be effective, it must address both U.S. corporate conduct domestically and abroad. The organization has published a thorough NAPs Toolkit with guidance and templates for governments to follow for a successful NAP.

Human Rights Watch, meanwhile, describes the NAP as “too little, too late,“ and argues that it provides “few commitments that will lead to stronger or enforceable standards to hold corporations accountable for human rights abuses.” HRW also expresses concern that the U.S. NAP does not address how the Trump administration will approach RBC issues or implement the NAP.

Next steps: Keep pushing for progress

We believe the Trump administration must take steps to protect human rights around the world. However, on-the-record statements from the new U.S. president and his staff cast doubt on the their commitment to these issues. It goes without saying that we can’t count on the new administration to live up to its obligations in either implementing or updating the U.S. NAP on RBC. Aware that the political environment in the U.S. is in flux, staff intended to create an NAP to withstand a potentially hostile new administration. Only time will tell if they succeeded.

As for the ICT sector mechanism that the U.S. commits to create, we suggest using RightsCon as an opportunity to host this dialogue. The event is already a locus for collaboration between the U.S. ICT sector and civil society, human rights defenders, technologists, and policymakers around the world. It’s well placed connect actors in an open and outcome-oriented environment.

Finally, we call on every government, including the U.S., to either start or ramp up plans to implement the U.N. Guiding Principles on Business and Human Rights through NAPs. However, we advise that governments take care to follow best-practice guidance, such as ICAR’s NAPs Toolkit, to ensure that the process results in concrete, measurable objectives, without wasting stakeholders’ precious time and resources.